Search in sources :

Example 16 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class DefaultAccRoleAccountService method delete.

@Override
@Transactional
public void delete(AccRoleAccountDto entity, boolean deleteTargetAccount, BasePermission... permission) {
    Assert.notNull(entity, "Entity is required.");
    super.delete(entity, permission);
    UUID account = entity.getAccount();
    // We check if exists another (ownership) identityAccounts, if not
    // then
    // we will delete account
    AccRoleAccountFilter filter = new AccRoleAccountFilter();
    filter.setAccountId(account);
    filter.setOwnership(Boolean.TRUE);
    List<AccRoleAccountDto> entityAccounts = this.find(filter, null).getContent();
    boolean moreEntityAccounts = entityAccounts.stream().filter(treeAccount -> {
        return treeAccount.isOwnership() && !treeAccount.equals(entity);
    }).findAny().isPresent();
    if (!moreEntityAccounts && entity.isOwnership()) {
        // We delete all tree accounts first
        entityAccounts.forEach(identityAccount -> {
            super.delete(identityAccount);
        });
        // Finally we can delete account
        accountService.publish(new AccountEvent(AccountEventType.DELETE, accountService.get(account), ImmutableMap.of(AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY, deleteTargetAccount, AccAccountService.ENTITY_ID_PROPERTY, entity.getEntity())));
    }
}
Also used : AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) AccountEvent(eu.bcvsolutions.idm.acc.event.AccountEvent) UUID(java.util.UUID) Transactional(org.springframework.transaction.annotation.Transactional)

Example 17 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class DefaultRoleSynchronizationExecutorTest method testSyncRolesCatalogueRemoveUnderMain.

@Test
public void testSyncRolesCatalogueRemoveUnderMain() {
    AbstractSysSyncConfigDto syncConfigCustom = createSyncConfig();
    SysSystemDto userSystem = helper.createTestResourceSystem(true);
    List<SysSystemMappingDto> userSystemMappings = systemMappingService.findBySystem(userSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
    Assert.assertNotNull(userSystemMappings);
    Assert.assertEquals(1, userSystemMappings.size());
    SysSystemMappingDto userMappingDto = userSystemMappings.get(0);
    // Switch to the sync.
    userMappingDto.setOperationType(SystemOperationType.SYNCHRONIZATION);
    userMappingDto = systemMappingService.save(userMappingDto);
    List<SysSystemAttributeMappingDto> attributeMappingDtos = schemaAttributeMappingService.findBySystemMapping(userMappingDto);
    SysSystemAttributeMappingDto userEmailAttribute = attributeMappingDtos.stream().filter(attribute -> attribute.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_EMAIL)).findFirst().orElse(null);
    Assert.assertNotNull(userEmailAttribute);
    Assert.assertFalse(syncConfigService.isRunning(syncConfigCustom));
    Assert.assertTrue(syncConfigCustom instanceof SysSyncRoleConfigDto);
    SysSyncRoleConfigDto roleConfigDto = (SysSyncRoleConfigDto) syncConfigCustom;
    SysSystemMappingDto systemMappingDto = DtoUtils.getEmbedded(syncConfigCustom, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
    SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(systemMappingDto, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
    UUID roleSystemId = schemaObjectClassDto.getSystem();
    Assert.assertNotNull(roleSystemId);
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(roleSystemId);
    schemaAttributeFilter.setObjectClassId(schemaObjectClassDto.getId());
    SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase("name")).findFirst().orElse(null);
    Assert.assertNotNull(schemaAttributeDto);
    SysSystemDto roleSystemDto = new SysSystemDto();
    roleSystemDto.setId(roleSystemId);
    List<SysSystemMappingDto> roleSystemMappings = systemMappingService.findBySystem(roleSystemDto, SystemOperationType.SYNCHRONIZATION, SystemEntityType.ROLE);
    Assert.assertNotNull(roleSystemMappings);
    Assert.assertEquals(1, roleSystemMappings.size());
    SysSystemMappingDto roleMappingDto = roleSystemMappings.get(0);
    // Use ACC script "resolveRoleCatalogueUnderMainCatalogue".
    IdmScriptFilter scriptFilter = new IdmScriptFilter();
    scriptFilter.setCode("resolveRoleCatalogueUnderMainCatalogue");
    scriptFilter.setCategory(IdmScriptCategory.TRANSFORM_FROM);
    String catalogTransformationScript = null;
    IdmScriptDto scriptDto = scriptService.find(scriptFilter, null).getContent().stream().findFirst().orElse(null);
    if (scriptDto != null) {
        catalogTransformationScript = this.getPluginExecutors().getPluginFor(IdmScriptCategory.TRANSFORM_FROM).generateTemplate(scriptDto);
    }
    Assert.assertNotNull(catalogTransformationScript);
    // Create mapping attribute for get catalog.
    SysSystemAttributeMappingDto roleIdAttribute = new SysSystemAttributeMappingDto();
    roleIdAttribute.setEntityAttribute(true);
    roleIdAttribute.setUid(false);
    roleIdAttribute.setSystemMapping(roleMappingDto.getId());
    roleIdAttribute.setExtendedAttribute(false);
    roleIdAttribute.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_CATALOGUE_FIELD);
    roleIdAttribute.setSchemaAttribute(schemaAttributeDto.getId());
    roleIdAttribute.setTransformFromResourceScript(catalogTransformationScript);
    roleIdAttribute.setName(helper.createName());
    roleIdAttribute = attributeMappingService.save(roleIdAttribute);
    IdmRoleCatalogueDto parentRoleCatalogue = getHelper().createRoleCatalogue();
    IdmRoleCatalogueDto mainRoleCatalogue = getHelper().createRoleCatalogue(getHelper().createName(), parentRoleCatalogue.getId());
    // Enable assign of role catalogue.
    roleConfigDto.setAssignCatalogueSwitch(true);
    roleConfigDto.setRemoveCatalogueRoleSwitch(false);
    roleConfigDto.setMainCatalogueRoleNode(mainRoleCatalogue.getId());
    roleConfigDto.setRemoveCatalogueRoleParentNode(mainRoleCatalogue.getId());
    syncConfigCustom = syncConfigService.save(roleConfigDto);
    // 
    helper.startSynchronization(syncConfigCustom);
    // 
    SysSyncLogFilter logFilter = new SysSyncLogFilter();
    logFilter.setSynchronizationConfigId(syncConfigCustom.getId());
    List<SysSyncLogDto> logs = syncLogService.find(logFilter, null).getContent();
    Assert.assertEquals(1, logs.size());
    SysSyncLogDto log = logs.get(0);
    Assert.assertFalse(log.isRunning());
    Assert.assertFalse(log.isContainsError());
    helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);
    AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
    roleAccountFilter.setSystemId(roleSystemId);
    List<AccRoleAccountDto> roleAccountDtos = roleAccountService.find(roleAccountFilter, null).getContent();
    Assert.assertEquals(5, roleAccountDtos.size());
    roleAccountDtos.forEach(roleAccountDto -> {
        UUID roleId = roleAccountDto.getRole();
        IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
        roleCatalogueRoleFilter.setRoleId(roleId);
        List<IdmRoleCatalogueRoleDto> roleCatalogueRoleDtos = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
        Assert.assertEquals(1, roleCatalogueRoleDtos.size());
        Assert.assertEquals(mainRoleCatalogue.getId(), roleCatalogueRoleDtos.get(0).getRoleCatalogue());
    });
    roleAccountDtos.forEach(roleAccountDto -> {
        UUID roleId = roleAccountDto.getRole();
        getHelper().createRoleCatalogueRole(roleService.get(roleId), mainRoleCatalogue);
        getHelper().createRoleCatalogueRole(roleService.get(roleId), parentRoleCatalogue);
        IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
        roleCatalogueRoleFilter.setRoleId(roleId);
        List<IdmRoleCatalogueRoleDto> roleCatalogueRoleDtos = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
        // The role is in 3 catalogs (one from system, two redundant).
        Assert.assertEquals(3, roleCatalogueRoleDtos.size());
        Assert.assertEquals(mainRoleCatalogue.getId(), roleCatalogueRoleDtos.get(0).getRoleCatalogue());
    });
    // Start a sync again. Remove redundant catalogs is not enabled -> Same results.
    helper.startSynchronization(syncConfigCustom);
    helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.UPDATE_ENTITY, 5, OperationResultType.SUCCESS);
    roleAccountDtos.forEach(roleAccountDto -> {
        UUID roleId = roleAccountDto.getRole();
        IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
        roleCatalogueRoleFilter.setRoleId(roleId);
        List<IdmRoleCatalogueRoleDto> roleCatalogueRoleDtos = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
        // Remove redundant catalogs is not enabled -> Same results: The role is in 3 catalogs (one from system, two redundant).
        Assert.assertEquals(3, roleCatalogueRoleDtos.size());
        Assert.assertEquals(mainRoleCatalogue.getId(), roleCatalogueRoleDtos.get(0).getRoleCatalogue());
    });
    roleConfigDto.setRemoveCatalogueRoleSwitch(true);
    roleConfigDto.setRemoveCatalogueRoleParentNode(mainRoleCatalogue.getId());
    syncConfigCustom = syncConfigService.save(roleConfigDto);
    // Start a sync again. Remove redundant catalogs is enabled -> Redundant relation from main catalog should be removed.
    helper.startSynchronization(syncConfigCustom);
    helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.UPDATE_ENTITY, 5, OperationResultType.SUCCESS);
    roleAccountDtos.forEach(roleAccountDto -> {
        UUID roleId = roleAccountDto.getRole();
        IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
        roleCatalogueRoleFilter.setRoleId(roleId);
        List<IdmRoleCatalogueRoleDto> roleCatalogueRoleDtos = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
        // Remove redundant catalogs is enabled -> Redundant relation from main catalog should be removed: The role is in 2 catalogs (one from system, one redundant).
        Assert.assertEquals(2, roleCatalogueRoleDtos.size());
        Assert.assertEquals(mainRoleCatalogue.getId(), roleCatalogueRoleDtos.get(0).getRoleCatalogue());
    });
    roleConfigDto.setRemoveCatalogueRoleSwitch(true);
    roleConfigDto.setRemoveCatalogueRoleParentNode(parentRoleCatalogue.getId());
    syncConfigCustom = syncConfigService.save(roleConfigDto);
    // Start a sync again. Remove redundant catalogs is enabled -> Redundant relation from parent catalog should be removed.
    helper.startSynchronization(syncConfigCustom);
    helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.UPDATE_ENTITY, 5, OperationResultType.SUCCESS);
    roleAccountDtos.forEach(roleAccountDto -> {
        UUID roleId = roleAccountDto.getRole();
        IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
        roleCatalogueRoleFilter.setRoleId(roleId);
        List<IdmRoleCatalogueRoleDto> roleCatalogueRoleDtos = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
        // Remove redundant catalogs is enabled ->  Redundant relation from parent catalog should be removed: The role is in 1 catalog.
        Assert.assertEquals(1, roleCatalogueRoleDtos.size());
        Assert.assertEquals(mainRoleCatalogue.getId(), roleCatalogueRoleDtos.get(0).getRoleCatalogue());
    });
    cleanAfterTest(syncConfigCustom, roleSystemId, log, roleAccountDtos);
}
Also used : IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter) IdmScriptFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmScriptFilter) IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) SysSyncLogFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) IdmScriptDto(eu.bcvsolutions.idm.core.api.dto.IdmScriptDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) Test(org.junit.Test)

Example 18 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class DefaultRoleSynchronizationExecutorTest method testSyncRolesMembership.

@Test
public void testSyncRolesMembership() {
    AbstractSysSyncConfigDto syncConfigCustom = createSyncConfig();
    SysSystemDto userSystem = helper.createTestResourceSystem(true);
    List<SysSystemMappingDto> userSystemMappings = systemMappingService.findBySystem(userSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
    Assert.assertNotNull(userSystemMappings);
    Assert.assertEquals(1, userSystemMappings.size());
    SysSystemMappingDto userMappingDto = userSystemMappings.get(0);
    // Switch to the sync.
    userMappingDto.setOperationType(SystemOperationType.SYNCHRONIZATION);
    userMappingDto = systemMappingService.save(userMappingDto);
    List<SysSystemAttributeMappingDto> attributeMappingDtos = schemaAttributeMappingService.findBySystemMapping(userMappingDto);
    SysSystemAttributeMappingDto userEmailAttribute = attributeMappingDtos.stream().filter(attribute -> attribute.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_EMAIL)).findFirst().orElse(null);
    Assert.assertNotNull(userEmailAttribute);
    Assert.assertFalse(syncConfigService.isRunning(syncConfigCustom));
    Assert.assertTrue(syncConfigCustom instanceof SysSyncRoleConfigDto);
    SysSyncRoleConfigDto roleConfigDto = (SysSyncRoleConfigDto) syncConfigCustom;
    SysSystemMappingDto systemMappingDto = DtoUtils.getEmbedded(syncConfigCustom, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
    SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(systemMappingDto, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
    UUID roleSystemId = schemaObjectClassDto.getSystem();
    Assert.assertNotNull(roleSystemId);
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(roleSystemId);
    schemaAttributeFilter.setObjectClassId(schemaObjectClassDto.getId());
    SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase("name")).findFirst().orElse(null);
    Assert.assertNotNull(schemaAttributeDto);
    SysSystemDto roleSystemDto = new SysSystemDto();
    roleSystemDto.setId(roleSystemId);
    List<SysSystemMappingDto> roleSystemMappings = systemMappingService.findBySystem(roleSystemDto, SystemOperationType.SYNCHRONIZATION, SystemEntityType.ROLE);
    Assert.assertNotNull(roleSystemMappings);
    Assert.assertEquals(1, roleSystemMappings.size());
    SysSystemMappingDto roleMappingDto = roleSystemMappings.get(0);
    // Create mapping attribute for get ID of role.
    SysSystemAttributeMappingDto roleIdAttribute = new SysSystemAttributeMappingDto();
    roleIdAttribute.setEntityAttribute(true);
    roleIdAttribute.setUid(false);
    roleIdAttribute.setSystemMapping(roleMappingDto.getId());
    roleIdAttribute.setExtendedAttribute(false);
    roleIdAttribute.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_MEMBERSHIP_ID_FIELD);
    roleIdAttribute.setSchemaAttribute(schemaAttributeDto.getId());
    roleIdAttribute.setName(helper.createName());
    attributeMappingService.save(roleIdAttribute);
    // Enable membership and use the user system.
    roleConfigDto.setMembershipSwitch(true);
    roleConfigDto.setMemberSystemMapping(userMappingDto.getId());
    roleConfigDto.setMemberOfAttribute(userEmailAttribute.getId());
    syncConfigCustom = syncConfigService.save(roleConfigDto);
    // 
    helper.startSynchronization(syncConfigCustom);
    // 
    SysSyncLogFilter logFilter = new SysSyncLogFilter();
    logFilter.setSynchronizationConfigId(syncConfigCustom.getId());
    List<SysSyncLogDto> logs = syncLogService.find(logFilter, null).getContent();
    Assert.assertEquals(1, logs.size());
    SysSyncLogDto log = logs.get(0);
    Assert.assertFalse(log.isRunning());
    Assert.assertFalse(log.isContainsError());
    helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);
    AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
    roleAccountFilter.setSystemId(roleSystemId);
    List<AccRoleAccountDto> roleAccountDtos = roleAccountService.find(roleAccountFilter, null).getContent();
    Assert.assertEquals(5, roleAccountDtos.size());
    roleAccountDtos.forEach(roleAccountDto -> {
        SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
        roleSystemFilter.setRoleId(roleAccountDto.getRole());
        List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
        Assert.assertEquals(1, roleSystemDtos.size());
        SysRoleSystemDto roleSystem = roleSystemDtos.get(0);
        // Check mapping attribute (should be email).
        SysRoleSystemAttributeFilter roleSystemAttributeFilter = new SysRoleSystemAttributeFilter();
        roleSystemAttributeFilter.setRoleSystemId(roleSystem.getId());
        List<SysRoleSystemAttributeDto> roleSystemAttributeDtos = roleSystemAttributeService.find(roleSystemAttributeFilter, null).getContent();
        Assert.assertEquals(1, roleSystemAttributeDtos.size());
        Assert.assertEquals(userEmailAttribute.getId(), roleSystemAttributeDtos.get(0).getSystemAttributeMapping());
    });
    cleanAfterTest(syncConfigCustom, roleSystemId, log, roleAccountDtos);
}
Also used : SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysRoleSystemAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) SysSyncLogFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) Test(org.junit.Test)

Example 19 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class DefaultRoleSynchronizationExecutorTest method testSyncRolesAssignToUsers.

@Test
public void testSyncRolesAssignToUsers() {
    AbstractSysSyncConfigDto syncConfigCustom = createSyncConfig();
    SysSystemDto userSystem = helper.createTestResourceSystem(true);
    List<SysSystemMappingDto> userSystemMappings = systemMappingService.findBySystem(userSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
    Assert.assertNotNull(userSystemMappings);
    Assert.assertEquals(1, userSystemMappings.size());
    SysSystemMappingDto userMappingDto = userSystemMappings.get(0);
    // Switch to the sync.
    userMappingDto.setOperationType(SystemOperationType.SYNCHRONIZATION);
    userMappingDto = systemMappingService.save(userMappingDto);
    SysSyncIdentityConfigDto userSyncConfig = createUserSyncConfig(userSystem);
    List<SysSystemAttributeMappingDto> attributeMappingDtos = schemaAttributeMappingService.findBySystemMapping(userMappingDto);
    SysSystemAttributeMappingDto userEmailAttribute = attributeMappingDtos.stream().filter(attribute -> attribute.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_EMAIL)).findFirst().orElse(null);
    Assert.assertNotNull(userEmailAttribute);
    SysSystemAttributeMappingDto enableAttribute = attributeMappingDtos.stream().filter(attribute -> attribute.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_ENABLE)).findFirst().orElse(null);
    Assert.assertNotNull(enableAttribute);
    enableAttribute.setDisabledAttribute(true);
    attributeMappingService.save(enableAttribute);
    Assert.assertFalse(syncConfigService.isRunning(syncConfigCustom));
    Assert.assertTrue(syncConfigCustom instanceof SysSyncRoleConfigDto);
    SysSyncRoleConfigDto roleConfigDto = (SysSyncRoleConfigDto) syncConfigCustom;
    SysSystemMappingDto systemMappingDto = DtoUtils.getEmbedded(syncConfigCustom, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
    SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(systemMappingDto, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
    UUID roleSystemId = schemaObjectClassDto.getSystem();
    Assert.assertNotNull(roleSystemId);
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(roleSystemId);
    schemaAttributeFilter.setObjectClassId(schemaObjectClassDto.getId());
    SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase("name")).findFirst().orElse(null);
    Assert.assertNotNull(schemaAttributeDto);
    SysSystemDto roleSystemDto = new SysSystemDto();
    roleSystemDto.setId(roleSystemId);
    List<SysSystemMappingDto> roleSystemMappings = systemMappingService.findBySystem(roleSystemDto, SystemOperationType.SYNCHRONIZATION, SystemEntityType.ROLE);
    Assert.assertNotNull(roleSystemMappings);
    Assert.assertEquals(1, roleSystemMappings.size());
    SysSystemMappingDto roleMappingDto = roleSystemMappings.get(0);
    // Create mapping attribute for get ID of role.
    SysSystemAttributeMappingDto roleIdAttribute = new SysSystemAttributeMappingDto();
    roleIdAttribute.setEntityAttribute(true);
    roleIdAttribute.setUid(false);
    roleIdAttribute.setSystemMapping(roleMappingDto.getId());
    roleIdAttribute.setExtendedAttribute(false);
    roleIdAttribute.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_MEMBERSHIP_ID_FIELD);
    roleIdAttribute.setSchemaAttribute(schemaAttributeDto.getId());
    roleIdAttribute.setName(helper.createName());
    attributeMappingService.save(roleIdAttribute);
    String usernameOne = getHelper().createName();
    String usernameTwo = getHelper().createName();
    // Create mapping attribute for get ID of role.
    SysSystemAttributeMappingDto membersRoleAttribute = new SysSystemAttributeMappingDto();
    membersRoleAttribute.setEntityAttribute(true);
    membersRoleAttribute.setUid(false);
    membersRoleAttribute.setSystemMapping(roleMappingDto.getId());
    membersRoleAttribute.setExtendedAttribute(false);
    membersRoleAttribute.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_MEMBERS_FIELD);
    membersRoleAttribute.setSchemaAttribute(schemaAttributeDto.getId());
    membersRoleAttribute.setName(helper.createName());
    membersRoleAttribute.setTransformFromResourceScript("return ['" + usernameOne + "', '" + usernameTwo + "'];");
    membersRoleAttribute = attributeMappingService.save(membersRoleAttribute);
    SysSchemaAttributeFilter schemaUserAttributeFilter = new SysSchemaAttributeFilter();
    schemaUserAttributeFilter.setSystemId(userSystem.getId());
    SysSchemaAttributeDto nameUserSchemaAttribute = schemaAttributeService.find(schemaUserAttributeFilter, null).getContent().stream().filter(attribute -> "name".equalsIgnoreCase(attribute.getName())).findFirst().orElse(null);
    Assert.assertNotNull(nameUserSchemaAttribute);
    // Enable membership, assign role to users,  and use the user system.
    roleConfigDto.setMembershipSwitch(true);
    roleConfigDto.setMemberSystemMapping(userMappingDto.getId());
    roleConfigDto.setMemberOfAttribute(enableAttribute.getId());
    roleConfigDto.setAssignRoleSwitch(true);
    roleConfigDto.setRoleMembersMappingAttribute(membersRoleAttribute.getId());
    roleConfigDto.setMemberIdentifierAttribute(nameUserSchemaAttribute.getId());
    roleConfigDto = (SysSyncRoleConfigDto) syncConfigService.save(roleConfigDto);
    Assert.assertNotNull(roleConfigDto.getMemberOfAttribute());
    Assert.assertNotNull(roleConfigDto.getRoleIdentifiersMappingAttribute());
    Assert.assertNotNull(roleConfigDto.getRoleMembersMappingAttribute());
    Assert.assertNotNull(roleConfigDto.getMemberIdentifierAttribute());
    // Init users on system.
    helper.deleteAllResourceData();
    TestResource resource = new TestResource();
    resource.setName(usernameOne);
    resource.setFirstname(usernameOne);
    resource.setLastname(usernameOne);
    helper.saveResource(resource);
    resource.setName(usernameTwo);
    resource.setFirstname(usernameTwo);
    resource.setLastname(usernameTwo);
    helper.saveResource(resource);
    // Start sync of users
    helper.startSynchronization(userSyncConfig);
    helper.checkSyncLog(userSyncConfig, SynchronizationActionType.CREATE_ENTITY, 2, OperationResultType.SUCCESS);
    IdmIdentityDto identityOne = identityService.getByUsername(usernameOne);
    Assert.assertNotNull(identityOne);
    IdmIdentityDto identityTwo = identityService.getByUsername(usernameTwo);
    Assert.assertNotNull(identityTwo);
    // Start sync of roles
    helper.startSynchronization(syncConfigCustom);
    // 
    SysSyncLogFilter logFilter = new SysSyncLogFilter();
    logFilter.setSynchronizationConfigId(syncConfigCustom.getId());
    List<SysSyncLogDto> logs = syncLogService.find(logFilter, null).getContent();
    Assert.assertEquals(1, logs.size());
    SysSyncLogDto log = logs.get(0);
    Assert.assertFalse(log.isRunning());
    Assert.assertFalse(log.isContainsError());
    helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);
    AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
    roleAccountFilter.setSystemId(roleSystemId);
    List<AccRoleAccountDto> roleAccountDtos = roleAccountService.find(roleAccountFilter, null).getContent();
    Assert.assertEquals(5, roleAccountDtos.size());
    // Every role should be assigned to userOne and userTwo.
    roleAccountDtos.forEach(roleAccountDto -> {
        IdmIdentityRoleFilter identityRoleFilter = new IdmIdentityRoleFilter();
        identityRoleFilter.setRoleId(roleAccountDto.getRole());
        identityRoleFilter.setIdentityId(identityOne.getId());
        Assert.assertEquals(1, identityRoleService.find(identityRoleFilter, null).getContent().size());
        identityRoleFilter.setIdentityId(identityTwo.getId());
        Assert.assertEquals(1, identityRoleService.find(identityRoleFilter, null).getContent().size());
    });
    cleanAfterTest(syncConfigCustom, roleSystemId, log, roleAccountDtos);
}
Also used : SysSyncIdentityConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncIdentityConfigDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) SysSyncLogFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) Test(org.junit.Test)

Example 20 with AccRoleAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter in project CzechIdMng by bcvsolutions.

the class DefaultRoleSynchronizationExecutorTest method testSyncRolesCatalogueUnderMain.

@Test
public void testSyncRolesCatalogueUnderMain() {
    AbstractSysSyncConfigDto syncConfigCustom = createSyncConfig();
    SysSystemDto userSystem = helper.createTestResourceSystem(true);
    List<SysSystemMappingDto> userSystemMappings = systemMappingService.findBySystem(userSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY);
    Assert.assertNotNull(userSystemMappings);
    Assert.assertEquals(1, userSystemMappings.size());
    SysSystemMappingDto userMappingDto = userSystemMappings.get(0);
    // Switch to the sync.
    userMappingDto.setOperationType(SystemOperationType.SYNCHRONIZATION);
    userMappingDto = systemMappingService.save(userMappingDto);
    List<SysSystemAttributeMappingDto> attributeMappingDtos = schemaAttributeMappingService.findBySystemMapping(userMappingDto);
    SysSystemAttributeMappingDto userEmailAttribute = attributeMappingDtos.stream().filter(attribute -> attribute.getName().equalsIgnoreCase(TestHelper.ATTRIBUTE_MAPPING_EMAIL)).findFirst().orElse(null);
    Assert.assertNotNull(userEmailAttribute);
    Assert.assertFalse(syncConfigService.isRunning(syncConfigCustom));
    Assert.assertTrue(syncConfigCustom instanceof SysSyncRoleConfigDto);
    SysSyncRoleConfigDto roleConfigDto = (SysSyncRoleConfigDto) syncConfigCustom;
    SysSystemMappingDto systemMappingDto = DtoUtils.getEmbedded(syncConfigCustom, SysSyncConfig_.systemMapping, SysSystemMappingDto.class);
    SysSchemaObjectClassDto schemaObjectClassDto = DtoUtils.getEmbedded(systemMappingDto, SysSystemMapping_.objectClass, SysSchemaObjectClassDto.class);
    UUID roleSystemId = schemaObjectClassDto.getSystem();
    Assert.assertNotNull(roleSystemId);
    SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
    schemaAttributeFilter.setSystemId(roleSystemId);
    schemaAttributeFilter.setObjectClassId(schemaObjectClassDto.getId());
    SysSchemaAttributeDto schemaAttributeDto = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase("name")).findFirst().orElse(null);
    Assert.assertNotNull(schemaAttributeDto);
    SysSystemDto roleSystemDto = new SysSystemDto();
    roleSystemDto.setId(roleSystemId);
    List<SysSystemMappingDto> roleSystemMappings = systemMappingService.findBySystem(roleSystemDto, SystemOperationType.SYNCHRONIZATION, SystemEntityType.ROLE);
    Assert.assertNotNull(roleSystemMappings);
    Assert.assertEquals(1, roleSystemMappings.size());
    SysSystemMappingDto roleMappingDto = roleSystemMappings.get(0);
    // Use ACC script "resolveRoleCatalogueUnderMainCatalogue".
    IdmScriptFilter scriptFilter = new IdmScriptFilter();
    scriptFilter.setCode(MsAdSyncMappingRoleAutoAttributesProcessor.RESOLVE_ROLE_CATALOG_UNDER_MAIN_SCRIPT);
    scriptFilter.setCategory(IdmScriptCategory.TRANSFORM_FROM);
    String catalogTransformationScript = null;
    IdmScriptDto scriptDto = scriptService.find(scriptFilter, null).getContent().stream().findFirst().orElse(null);
    if (scriptDto != null) {
        catalogTransformationScript = this.getPluginExecutors().getPluginFor(IdmScriptCategory.TRANSFORM_FROM).generateTemplate(scriptDto);
    }
    Assert.assertNotNull(catalogTransformationScript);
    // Create mapping attribute for get catalog.
    SysSystemAttributeMappingDto roleIdAttribute = new SysSystemAttributeMappingDto();
    roleIdAttribute.setEntityAttribute(true);
    roleIdAttribute.setUid(false);
    roleIdAttribute.setSystemMapping(roleMappingDto.getId());
    roleIdAttribute.setExtendedAttribute(false);
    roleIdAttribute.setIdmPropertyName(RoleSynchronizationExecutor.ROLE_CATALOGUE_FIELD);
    roleIdAttribute.setSchemaAttribute(schemaAttributeDto.getId());
    roleIdAttribute.setTransformFromResourceScript(catalogTransformationScript);
    roleIdAttribute.setName(helper.createName());
    roleIdAttribute = attributeMappingService.save(roleIdAttribute);
    IdmRoleCatalogueDto mainRoleCatalogue = getHelper().createRoleCatalogue();
    // Enable assign of role catalogue.
    roleConfigDto.setAssignCatalogueSwitch(true);
    roleConfigDto.setRemoveCatalogueRoleSwitch(false);
    roleConfigDto.setMainCatalogueRoleNode(mainRoleCatalogue.getId());
    syncConfigCustom = syncConfigService.save(roleConfigDto);
    // 
    helper.startSynchronization(syncConfigCustom);
    // 
    SysSyncLogFilter logFilter = new SysSyncLogFilter();
    logFilter.setSynchronizationConfigId(syncConfigCustom.getId());
    List<SysSyncLogDto> logs = syncLogService.find(logFilter, null).getContent();
    Assert.assertEquals(1, logs.size());
    SysSyncLogDto log = logs.get(0);
    Assert.assertFalse(log.isRunning());
    Assert.assertFalse(log.isContainsError());
    helper.checkSyncLog(syncConfigCustom, SynchronizationActionType.CREATE_ENTITY, 5, OperationResultType.SUCCESS);
    AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
    roleAccountFilter.setSystemId(roleSystemId);
    List<AccRoleAccountDto> roleAccountDtos = roleAccountService.find(roleAccountFilter, null).getContent();
    Assert.assertEquals(5, roleAccountDtos.size());
    roleAccountDtos.forEach(roleAccountDto -> {
        UUID roleId = roleAccountDto.getRole();
        IdmRoleCatalogueRoleFilter roleCatalogueRoleFilter = new IdmRoleCatalogueRoleFilter();
        roleCatalogueRoleFilter.setRoleId(roleId);
        List<IdmRoleCatalogueRoleDto> roleCatalogueRoleDtos = roleCatalogueRoleService.find(roleCatalogueRoleFilter, null).getContent();
        Assert.assertEquals(1, roleCatalogueRoleDtos.size());
        Assert.assertEquals(mainRoleCatalogue.getId(), roleCatalogueRoleDtos.get(0).getRoleCatalogue());
    });
    cleanAfterTest(syncConfigCustom, roleSystemId, log, roleAccountDtos);
}
Also used : IdmRoleCatalogueRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleCatalogueRoleFilter) IdmScriptFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmScriptFilter) IdmRoleCatalogueRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueRoleDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) AccRoleAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) IdmRoleCatalogueDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleCatalogueDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractSysSyncConfigDto(eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto) SysSyncRoleConfigDto(eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto) AccRoleAccountDto(eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto) SysSyncLogFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) IdmScriptDto(eu.bcvsolutions.idm.core.api.dto.IdmScriptDto) SysSchemaObjectClassDto(eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto) UUID(java.util.UUID) SysSyncLogDto(eu.bcvsolutions.idm.acc.dto.SysSyncLogDto) AbstractBulkActionTest(eu.bcvsolutions.idm.test.api.AbstractBulkActionTest) Test(org.junit.Test)

Aggregations

AccRoleAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccRoleAccountFilter)23 AccRoleAccountDto (eu.bcvsolutions.idm.acc.dto.AccRoleAccountDto)21 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)16 SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)16 Test (org.junit.Test)16 UUID (java.util.UUID)14 AbstractSysSyncConfigDto (eu.bcvsolutions.idm.acc.dto.AbstractSysSyncConfigDto)12 SysSchemaObjectClassDto (eu.bcvsolutions.idm.acc.dto.SysSchemaObjectClassDto)12 SysSyncLogDto (eu.bcvsolutions.idm.acc.dto.SysSyncLogDto)12 SysSyncRoleConfigDto (eu.bcvsolutions.idm.acc.dto.SysSyncRoleConfigDto)12 SysSyncLogFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSyncLogFilter)12 AbstractBulkActionTest (eu.bcvsolutions.idm.test.api.AbstractBulkActionTest)12 SysSchemaAttributeDto (eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto)11 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)11 SysSchemaAttributeFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter)11 SysRoleSystemFilter (eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter)9 SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)8 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)8 SysRoleSystemAttributeDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto)6 SysRoleSystemAttributeFilter (eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemAttributeFilter)5